---
page_title: "cloudflare_access_organization Resource - Cloudflare"
subcategory: ""
description: |-
  A Zero Trust organization defines the user login experience.
---

# cloudflare_access_organization (Resource)

A Zero Trust organization defines the user login experience.

## Example Usage

```terraform
resource "cloudflare_access_organization" "example" {
  account_id                         = "f037e56e89293a057740de681ac9abbe"
  name                               = "example.cloudflareaccess.com"
  auth_domain                        = "example.cloudflareaccess.com"
  is_ui_read_only                    = false
  user_seat_expiration_inactive_time = "720h"
  auto_redirect_to_identity          = false

  login_design {
    background_color = "#ffffff"
    text_color       = "#000000"
    logo_path        = "https://example.com/logo.png"
    header_text      = "My header text"
    footer_text      = "My footer text"
  }
}
```
<!-- schema generated by tfplugindocs -->
## Schema

### Required

- `auth_domain` (String) The unique subdomain assigned to your Zero Trust organization.

### Optional

- `account_id` (String) The account identifier to target for the resource. Conflicts with `zone_id`.
- `auto_redirect_to_identity` (Boolean) When set to true, users skip the identity provider selection step during login.
- `custom_pages` (Block List) Custom pages for your Zero Trust organization. (see [below for nested schema](#nestedblock--custom_pages))
- `is_ui_read_only` (Boolean) When set to true, this will disable all editing of Access resources via the Zero Trust Dashboard.
- `login_design` (Block List) (see [below for nested schema](#nestedblock--login_design))
- `name` (String) The name of your Zero Trust organization.
- `session_duration` (String) How often a user will be forced to re-authorise. Must be in the format `48h` or `2h45m`.
- `ui_read_only_toggle_reason` (String) A description of the reason why the UI read only field is being toggled.
- `user_seat_expiration_inactive_time` (String) The amount of time a user seat is inactive before it expires. When the user seat exceeds the set time of inactivity, the user is removed as an active seat and no longer counts against your Teams seat count. Must be in the format `300ms` or `2h45m`.
- `zone_id` (String) The zone identifier to target for the resource. Conflicts with `account_id`.

### Read-Only

- `id` (String) The ID of this resource.

<a id="nestedblock--custom_pages"></a>
### Nested Schema for `custom_pages`

Optional:

- `forbidden` (String) The id of the forbidden page.
- `identity_denied` (String) The id of the identity denied page.


<a id="nestedblock--login_design"></a>
### Nested Schema for `login_design`

Optional:

- `background_color` (String) The background color on the login page.
- `footer_text` (String) The text at the bottom of the login page.
- `header_text` (String) The text at the top of the login page.
- `logo_path` (String) The URL of the logo on the login page.
- `text_color` (String) The text color on the login page.

## Import

Import is supported using the following syntax:

```shell
$ terraform import cloudflare_access_organization.example <account_id>
```
